I have it in lib/ext and below definition in custom.properties as described in Security Providers in https://karaf.apache.org/manual/latest/security
org.apache.karaf.security.providers = org.bouncycastle.jce.provider.BouncyCastleProvider -Yogesh On Sun, 27 Jan 2019 at 11:11 PM, Jean-Baptiste Onofré <[email protected]> wrote: > That's maybe about the SSH agent (for authentication). But, I'm using bc > in my custom distro without problem. Let me double check the bc version > and the way it's installed. > > Do you have bc installed via startup.properties or bundle:install ? > > Regards > JB > > On 27/01/2019 16:57, Yogesh Sharma wrote: > > Hi JB, > > > > Did you have any suggestion as why bc is cauing karaf client (sshd) to > fail. > > > > > > /Thanks & Regards, > > > > Yogesh Sharma > > / > > > > > > On Sat, Jan 26, 2019 at 3:12 PM Yogesh Sharma <[email protected] > > <mailto:[email protected]>> wrote: > > > > Hi JB, > > > > For secrets managements. > > > > /Thanks & Regards, > > > > Yogesh Sharma > > / > > > > > > On Sat, Jan 26, 2019 at 2:33 PM Jean-Baptiste Onofré > > <[email protected] <mailto:[email protected]>> wrote: > > > > Hi, > > > > Oh ok. Interesting. What for are you using bc ? > > > > Regards > > JB > > > > On 26/01/2019 09:03, Yogesh Sharma wrote: > > > > > > I found this as in issue with bouncy castle version 1.55 we > > are using. > > > > > > /Thanks & Regards, > > > > > > Yogesh Sharma > > > / > > > > > > > > > On Fri, Jan 25, 2019 at 11:18 PM Yogesh Sharma > > <[email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > > > > Nothing unusual in karaf.log . Enabled DEBUG but did not > saw > > > anything suspicious. Checking further. > > > > > > Thanks > > > Yogesh > > > > > > On Fri, 25 Jan 2019 at 10:18 PM, Jean-Baptiste Onofré > > > <[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > > > > It sounds good. > > > > > > Nothing in karaf.log ? > > > > > > That's weird, I don't see obvious issue here. > > > > > > Regards > > > JB > > > > > > On 25/01/2019 16:23, Yogesh Sharma wrote: > > > > Agreed that it is environmental issue. > > > > > > > > > > > > We start with ${KARAF_HOME}/bin/start clean [For > > background mode] > > > > > > > > > > > > *Java Version* > > > > > > > > $ java -version > > > > java version "1.8.0_181" > > > > Java(TM) SE Runtime Environment (build 1.8.0_181-b13) > > > > Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, > > mixed mode) > > > > > > > > > > > > *No IPTables: {no blocker}* > > > > > > > > # iptables -L > > > > Chain INPUT (policy ACCEPT) > > > > target prot opt source > > destination > > > > > > > > Chain FORWARD (policy ACCEPT) > > > > target prot opt source > > destination > > > > > > > > Chain OUTPUT (policy ACCEPT) > > > > target prot opt source > > destination > > > > You have new mail in /var/spool/mail/root > > > > > > > > I will check what else could be the issue. > > > > > > > > /Thanks & Regards, > > > > > > > > Yogesh Sharma > > > > / > > > > > > > > > > > > On Fri, Jan 25, 2019 at 8:37 PM Jean-Baptiste Onofré > > > <[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>> wrote: > > > > > > > > Hi, > > > > > > > > What JDK do you use ? > > > > > > > > Nothing in the Karaf log ? > > > > You confirm that, before trying ssh client, you > > start > > > karaf with > > > > bin/karaf right ? > > > > No iptables on your machine ? > > > > > > > > For sure it's an environment issue. > > > > > > > > Regards > > > > JB > > > > > > > > On 25/01/2019 15:52, Yogesh Sharma wrote: > > > > > > > > > > /Hi JB,/ > > > > > / > > > > > / > > > > > /I tried it again but same issue. Karaf SSH > port > > > /22222 is not > > > > > listening. Could it be some config issue? > > > > > // > > > > > / > > > > > / > > > > > /[root@ip-10-89-101-98 apache-karaf]# netstat > > -tulnp | > > > grep /22222/ > > > > > [root@ip-10-89-101-98 apache-karaf]# > > bin/client -a 22222 > > > > > Logging in as karaf > > > > > Failed to get the session. > > > > > [root@ip-10-89-101-98 apache-karaf]# ssh -p > 22222 > > > [email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> > > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>> > > > > > ssh: connect to host 127.0.0.1 port 22222: > > Connection > > > refused > > > > > [root@ip-10-89-101-98 apache-karaf]# > > > > > / > > > > > / > > > > > / > > > > > / > > > > > / > > > > > /cat etc/org.apache.karaf.shell.cfg | grep -v > "^#" > > > > > > > > > > sshPort=22222 > > > > > sshHost=127.0.0.1 > > > > > sshIdleTimeout=1800000 > > > > > sshRealm=karaf > > > > > hostKey=${karaf.etc}/host.key > > > > > hostKeyFormat=simple > > > > > completionMode=GLOBAL > > > > > > > > > > / > > > > > / > > > > > / > > > > > / > > > > > / > > > > > /Thanks & Regards, > > > > > > > > > > Yogesh Sharma > > > > > / > > > > > > > > > > > > > > > On Fri, Jan 25, 2019 at 7:57 PM Jean-Baptiste > > Onofré > > > > <[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> > > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>>> wrote: > > > > > > > > > > So, on a fresh Karaf 4.1.6 instance (I'm > > on Ubuntu): > > > > > > > > > > 1. I changed > > etc/org.apache.karaf.shell.cfg with: > > > > > > > > > > sshPort=22222 > > > > > > > > > > 2. I started instance with regular > bin/karaf > > > > > > > > > > 3. I can connect with the client, no > problem: > > > > > > > > > > bin/client -a 22222 > > > > > > > > > > 4. I can also connect with ssh: > > > > > > > > > > ssh -p 22222 karaf@localhost > > > > > > > > > > So it works without problem for me. > > > > > > > > > > Can you please try to remove the > > heading/trailing > > > space around > > > > 22222 ? > > > > > > > > > > Regards > > > > > JB > > > > > > > > > > On 25/01/2019 15:15, Yogesh Sharma wrote: > > > > > > Hi JB, > > > > > > > > > > > > Will you be able to replicate this issue? > > > > > > > > > > > > /Thanks & Regards, > > > > > > > > > > > > Yogesh Sharma > > > > > > / > > > > > > > > > > > > > > > > > > On Thu, Jan 24, 2019 at 3:44 PM > > Jean-Baptiste Onofré > > > > > <[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>> > > > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>>>> wrote: > > > > > > > > > > > > Let me try with 4.1.6. > > > > > > > > > > > > Regards > > > > > > JB > > > > > > > > > > > > On 24/01/2019 10:42, Yogesh Sharma > > wrote: > > > > > > > Hi JB, > > > > > > > > > > > > > > Please find the comments inline > below: > > > > > > > > > > > > > > *what Karaf version are you using > ?* > > > > > > > > > > > > > > Version: 4.1.6 > > > > > > > > > > > > > > *Did you try to find on 0.0.0.0 > > instead of > > > the loopback ?* > > > > > > > > > > > > > > Yes, it is not listening there as > well > > > (netstat) and > > > > client > > > > > gives the > > > > > > > same error message > > > > > > > > > > > > > > [root@ip-10-89-85-51 bin]# netstat > > -tulnp | > > > grep 0.0.0.0 | > > > > > grep 22222 > > > > > > > [root@ip-10-89-85-51 bin]# > > ../bin/client -a > > > 22222 -h > > > > 0.0.0.0 > > > > > > > Logging in as karaf > > > > > > > Failed to get the session. > > > > > > > [root@ip-10-89-85-51 bin] > > > > > > > > > > > > > > > > > > > > > > > > > > > > *Do you have something in the log > > when sshd > > > starts ?* > > > > > > > > > > > > > > Nothing unusual, Below are the > > restart logs > > > > > > > > > > > > > > Jan 24 01:41:53 ip-10-89-85-51 > > systemd: Stopping > > > > OpenSSH server > > > > > > daemon... > > > > > > > Jan 24 01:41:53 ip-10-89-85-51 > > systemd: > > > Stopped OpenSSH > > > > > server daemon. > > > > > > > Jan 24 01:41:53 ip-10-89-85-51 > > systemd: Starting > > > > OpenSSH server > > > > > > daemon... > > > > > > > Jan 24 01:41:53 ip-10-89-85-51 > sshd: > > > /etc/ssh/sshd_config > > > > > line 71: > > > > > > > Deprecated option > > RhostsRSAAuthentication > > > > > > > Jan 24 01:41:53 ip-10-89-85-51 > > systemd: > > > Started OpenSSH > > > > > server daemon. > > > > > > > > > > > > > > /Thanks & Regards, > > > > > > > > > > > > > > Yogesh Sharma > > > > > > > / > > > > > > > > > > > > > > > > > > > > > On Thu, Jan 24, 2019 at 2:41 PM > > > Jean-Baptiste Onofré > > > > > > <[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>> > > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>>> > > > > > > > <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>> > > <mailto:[email protected] <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>> > > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> > > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>>>>>> wrote: > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > what Karaf version are you > using ? > > > > > > > > > > > > > > Did you try to find on 0.0.0.0 > > instead > > > of the > > > > loopback ? > > > > > > > > > > > > > > Do you have something in the > > log when > > > sshd starts ? > > > > > > > > > > > > > > Regards > > > > > > > JB > > > > > > > > > > > > > > On 24/01/2019 09:48, Yogesh > > Sharma wrote: > > > > > > > > Hi List, > > > > > > > > > > > > > > > > We are getting "Failed to > > get the > > > session." while > > > > > trying to > > > > > > connect to > > > > > > > > karaf using client. Actual > > issue is we are > > > > unable to list > > > > > > bundle. > > > > > > > > > > > > > > > > > > > > > > > > We are using custom sshPort > in > > > > > org.apache.karaf.shell.cfg i.e. : > > > > > > > > > > > > > > > > # cat > > org.apache.karaf.shell.cfg | > > > grep -v "^#" > > > > > > > > sshPort = 22222 > > > > > > > > sshHost = 127.0.0.1 > > > > > > > > sshIdleTimeout = 1800000 > > > > > > > > sshRealm = karaf > > > > > > > > hostKey = > ${karaf.etc}/host.key > > > > > > > > hostKeyFormat = simple > > > > > > > > sshRole = admin > > > > > > > > completionMode = GLOBAL > > > > > > > > > > > > > > > > However, I don't see that > > this port is > > > listening > > > > and we do > > > > > > > bin/client we > > > > > > > > get below message: > > > > > > > > > > > > > > > > [root@localhost etc]# > > netstat -tulnp | > > > grep 22222 > > > > > > > > [root@localhost etc]# > > > > > > > > > > > > > > > > Login Attempt using client > > is failing with > > > > *"Failed to > > > > > get the > > > > > > > session."* > > > > > > > > > > > > > > > > *[root@ip-10-89-83-49 etc]# > > ../bin/client > > > > > > > > Logging in as karaf > > > > > > > > Failed to get the session.* > > > > > > > > > > > > > > > > [root@ip-10-89-83-49 etc]# > > > ../bin/client -a 22222 > > > > > > > > Logging in as karaf > > > > > > > > Failed to get the session. > > > > > > > > > > > > > > > > [root@ip-10-89-83-49 etc]# > > > ../bin/client -a 22222 -h > > > > > 127.0.0.1 > > > > > > > > Logging in as karaf > > > > > > > > Failed to get the session. > > > > > > > > [root@ip-10-89-83-49 etc]# > > > > > > > > > > > > > > > > Any suggestions please ? > > > > > > > > > > > > > > > > > > > > > > > > /Thanks & Regards, > > > > > > > > > > > > > > > > Yogesh Sharma / > > > > > > > > > > > > > > -- > > > > > > > Jean-Baptiste Onofré > > > > > > > [email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] > > <mailto:[email protected]>> <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto: > [email protected]>>> > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>>> > > > > > <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] > > <mailto:[email protected]>> <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto: > [email protected]>>> > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>>>> > > > > > > <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] > > <mailto:[email protected]>> <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto: > [email protected]>>> > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>>> > > > > > <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] > > <mailto:[email protected]>> <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto: > [email protected]>>> > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>>>>> > > > > > > > http://blog.nanthrax.net > > > > > > > Talend - http://www.talend.com > > > > > > > > > > > > > > > > > > > -- > > > > > > Jean-Baptiste Onofré > > > > > > [email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] > > <mailto:[email protected]>> <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto: > [email protected]>>> > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>>> > > > > > <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] > > <mailto:[email protected]>> <mailto:[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto: > [email protected]>>> > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>>>> > > > > > > http://blog.nanthrax.net > > > > > > Talend - http://www.talend.com > > > > > > > > > > > > > > > > -- > > > > > Jean-Baptiste Onofré > > > > > [email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>> > > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>> > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>>> > > > > > http://blog.nanthrax.net > > > > > Talend - http://www.talend.com > > > > > > > > > > > > > -- > > > > Jean-Baptiste Onofré > > > > [email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] > > <mailto:[email protected]> <mailto:[email protected] > > <mailto:[email protected]>>> > > > > http://blog.nanthrax.net > > > > Talend - http://www.talend.com > > > > > > > > > > -- > > > Jean-Baptiste Onofré > > > [email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > http://blog.nanthrax.net > > > Talend - http://www.talend.com > > > > > > -- > > > Yogesh Sharma > > > > > > > -- > > Jean-Baptiste Onofré > > [email protected] <mailto:[email protected]> > > http://blog.nanthrax.net > > Talend - http://www.talend.com > > > > -- > Jean-Baptiste Onofré > [email protected] > http://blog.nanthrax.net > Talend - http://www.talend.com > -- Yogesh Sharma
